Socket
Socket
Sign inDemoInstall

rehype-dom

Package Overview
Dependencies
4
Maintainers
2
Versions
13
Alerts
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

rehype-dom


Version published
Maintainers
2
Created

Readme

Source

rehype-dom

Build Coverage Downloads Size Sponsors Backers Chat

unified processor with support for parsing HTML input and serializing HTML as output.

Contents

What is this?

This is like rehype but for browsers.

When should I use this?

Use this package when you want to use rehype in browsers. There are some limitations: see the monorepo readme for info on when (not) to use rehype-dom.

Install

This package is ESM only. In Node.js (version 16+), install with npm:

npm install rehype-dom

In Deno with esm.sh:

import {rehypeDom} from 'https://esm.sh/rehype-dom@7'

In browsers with esm.sh:

<script type="module">
  import {rehypeDom} from 'https://esm.sh/rehype-dom@7?bundle'
</script>

Use

Say our page example.html contains:

<!doctype html>
<title>Example</title>
<body>
<script type="module">
  import {rehypeDom} from 'https://esm.sh/rehype-dom@7?bundle'

  const file = await rehypeDom().process('<h1>Hi <del>Mars</del>Venus!</h1>')

  document.body.innerHTML = String(file)
</script>

…opening it in a browser renders the following in <body>:

<h1>Hi <del>Mars</del>Venus!</h1>

API

This package exports the identifier rehypeDom. There is no default export.

rehypeDom()

Create a new unified processor that already uses rehype-dom-parse and rehype-dom-stringify.

You can add more plugins with use. See unified for more information.

👉 Note: the default of the fragment option is true in this package, which is different from the value in rehype, because it makes more sense in browsers.

Examples

Example: passing options

When you use rehype-dom-parse or rehype-dom-stringify manually you can pass options directly to them with use. Because both plugins are already used in rehype, that’s not possible. To define options for them, you can instead pass options to data:

import {rehypeDom} from 'https://esm.sh/rehype-dom@7?bundle'

const file = await rehypeDom()
  .data('settings', {fragment: false})
  .process('<!doctype html>' + document.documentElement.outerHTML)

console.log(String(file))

Syntax

HTML is parsed and serialized according to what a browser supports (which should be WHATWG HTML).

Syntax tree

The syntax tree used in rehype is hast.

Types

This package is fully typed with TypeScript. It exports no additional types.

It also registers Settings with unified. If you’re passing options with .data('settings', …), make sure to import this package somewhere in your types, as that registers the fields.

/**
 * @typedef {import('rehype-dom')}
 */

import {unified} from 'unified'

// @ts-expect-error: `thisDoesNotExist` is not a valid option.
unified().data('settings', {thisDoesNotExist: false})

Compatibility

Projects maintained by the unified collective are compatible with maintained versions of Node.js.

When we cut a new major release, we drop support for unmaintained versions of Node. This means we try to keep the current release line, rehype-dom@^7, compatible with Node.js 16.

Security

Use of rehype-dom can open you up to a cross-site scripting (XSS) attack if dangerous content is used and the result is used with the actual DOM. Use rehype-sanitize to solve that.

Contribute

See contributing.md in rehypejs/.github for ways to get started. See support.md for ways to get help.

This project has a code of conduct. By interacting with this repository, organisation, or community you agree to abide by its terms.

License

ISC © Keith McKnight

Keywords

FAQs

Last updated on 04 Sep 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc